Configurations control the behavior of Information Manager components.
To distribute configurations to a computer, you can associate a configuration with the computer. You can then distribute the configuration either immediately or at a later date, depending on your needs.
See “About editing computer properties” on page 179.
The table “Associating configurations directly with a computer” defines each of the available configurations that can be associated directly with a computer.
Description Configuration
Contains the common Information Manager server settings, which may affect one or more components on an Information Manager server. For example, configuration settings define which directory service and database the server should use.
Symantec Event Agent and Manager – Manager Configurations
Contains settings for services within the Information Manager server, such as the event logging subsystem or the configuration service.
Symantec Event Agent and Manager – Manager Component Configurations
Lets you control how failover is performed from the Information Manager server to the directory service and from the Information Manager server to the database.
Symantec Event Agent and Manager – Manager Connection Configurations
Sets the agent to Information Manager server failover. Failover is the ability of Information Manager components to automatically switch to designated secondary resources if the primary resource fails or terminates abnormally.
Symantec Event Agent and Manager – Agent Connection Configurations
Lets the agent communicate with the corresponding Information Manager server.
These settings include which primary and secondary server to connect to, how to get configuration information, and how to report inventory. In addition, they include how these computers should receive LiveUpdate information.
Symantec Event Agent and Manager – Agent Configurations
Protection Event Collector to collect DB sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Collector
Configures LiveUpdate to obtain software updates for the various software components of Information Manager, such as event collectors, relays, security content, rules, and filters.
LiveUpdate 1.0 – LiveUpdate
Configures Java LiveUpdate to obtain software updates for the various software components of Information Manager, such as event collectors, relays, security content, rules, and filters.
LiveUpdate 1.0 – Java LiveUpdate
Configures the Internet Security Systems RealSecure SiteProtector Event Collector to collect DB sensor data from the following platforms:
■ ISS RealSecure Gigabit Network Sensor 7.0
■ ISS RealSecure Network Sensor 6.5/7.0
■ ISS RealSecure Server Sensor 6.0.1/6.5/7.0 on Windows 2000
■ ISS Internet Scanner 7.0
■ ISS Proventia Integrated Security Appliance (M Series)
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
ISS SiteProtector Event Collector
Collector to collect OpsecLea sensor data from the following platforms:
Check Point FireWall-1 NG Application Intelligence R55 and NGX 6.x (including 6.0, 6.2, and 6.5) that runs on one of the following operating systems:
■ Microsoft Windows 2000 Advanced Server with Service Pack 4 or later
■ Red Hat Enterprise Linux AS 3.0
■ Check Point Provider-1 NG and NGX 6.x (including 6.0, 6.2, and 6.5) on Red Hat Enterprise 3, Sun Solaris, and Check Point SecurePlatform with the following configurations:
■ Check Point Provider-1 with MDS/CMA/log server all on one computer
■ Check Point Provider-1 with separate MLM/CLM computers
■ Check Point R55 and 6.x (including 6.0, 6.2, and 6.5) that runs on the Nokia IP series appliances
■ Check Point version R70 (including IPS and Antivirus blades) is supported as long as the September 2009 (or later) LiveUpdate package is applied
■ Check Point version R71
■ Check Point Connectra NGX R66
The collector runs on the following operating systems:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Configures Cisco ASA Event Collector to collect Syslog sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows Server 2008 with Service Pack 1 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Microsoft Windows Vista with Service Pack 1 or later
■ Microsoft Windows 7
■ Red Hat Enterprise Linux AS 4.0
■ Red Hat Enterprise Linux 5.0 (32-bit x86 only)
■ Sun Solaris (SPARC) 8, 9, and 10
Cisco ASA Event Collector
Configures Generic Syslog Event Collector to collect Syslog sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Generic Syslog Event Collector
Security Manager Event Collector to collect Syslog sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Configures Juniper NetScreen Event Collector to collect Syslog sensor data from the following platforms:
■ Symantec Security Information Manager 4.6 and 4.7.
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows Server 2008 with Service Pack 1 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Microsoft Windows Vista with Service Pack 1 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
■ Red Hat Enterprise Linux 5.0 (32-bit x86 only)
■ Sun Solaris (SPARC) 8, 9, and 10
■ SUSE Linux Enterprise 10
Juniper Netscreen Firewall Event Collector
Configures Snare for Windows Event Collector to collect Syslog sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Snare for Windows Event Collector
Configures Snort Event Collector to collect SyslogFile sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Snort Syslog Event Collector
Configures Symantec Endpoint Protection 11.0 Event Collector to collect DB sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Symantec Endpoint Protection 11.0 Event Collector
State 11.0 Event Collector to collect DB sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
Event Collector
Configures the Information Manager Event Collector to collect SyslogFile sensor data.
The Local Event Collector tracks the events that the Linux operating system that runs Information Manager generates. Examples include ssh commands and wrong password entries.
Symantec Security Information Manager Local Event Collector
Configures Syslog Director.
Syslog Director
Configures the Universal Logfile Event Collector to collect events from the products that log to text files.
Universal Logfile Event Collector
Configures UNIX OS Event Collector to collect syslog data from the following platforms:
■ HP-UX 11i
■ IBM AIX 5.3 and 6.x
■ Red Hat Enterprise Linux 3.0, 4.0, and 5.0
■ SUSE Linux Enterprise 9 and 10
■ Sun Solaris 8, 9, and 10
■ Nokia IPSO
■ Other Linux distributions based on the 2.6 kernel
■ Debian Linux 3.1
■ Macintosh OS X 10.4, 10.5, and 10.6
In addition, the UNIX Event Collector collects data from ISC BIND9, Linux iptables, and the Linux Audit daemon AUDITD.
UNIX OS Event Collector
Configures the Universal Syslog Event Collector to collect events from the products that log events by using the Syslog protocol.
Universal Syslog Event Collector
Configures Universal Event Collector for Microsoft Windows Vista to collect events from Microsoft Windows Vista, Windows Server 2008, and Windows 7 event logs.
Universal Event Collector for Microsoft Windows Vista
Configures Universal Event Collector for Microsoft Windows to collect events from Microsoft Windows event logs.
Universal Event Collector for Microsoft Windows
Configures QualysGuard Event Collector to collect QualysGuard sensor data from the following platforms:
■ Microsoft Windows 2000 (all editions) with Service Pack 4 or later
■ Microsoft Windows Server 2003 (all editions) with Service Pack 2 or later
■ Microsoft Windows XP with Service Pack 2 or later
■ Red Hat Enterprise Linux AS 3.0
■ Red Hat Enterprise Linux AS 4.0
■ Red Hat Enterprise Linux 5.0 (32-bit x86 only)
Qualys Guard Event Collector
To associate configurations directly with the computer
1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and expand the Organizational Units navigation tree.
3 Click the name of the organizational unit that contains the computer that you want to edit.
4 In the right pane, right-click the name of the computer, and click Properties.
5 In the Computer Properties dialog box, on the Configurations tab, click Add.
6 In the Find Configurations dialog box, in the Look-in drop-down list, select the product whose configurations you want to associate with the computer.
The configurations are displayed in the Available configurations list.
See “Associating configurations directly with a computer” on page 183.
If the computer already contains a configuration, and you now select a different configuration, the new configuration replaces the old one.
8 To select a configuration for a different product, repeat steps 6 and 7.
9 When you finish adding configurations, click OK.
10 In the Computer Properties dialog box, do one of the following:
■ To remove a configuration, select it, and click Remove.
■ To view a configuration’s properties, select it, and click Properties.
11 Click OK.